Move Active Directory, DNS and DHCP to a new server

    Question

  • Hi all,

    I have an environment with two Windows Server 2003 Domain Controllers, the main DC (Global Catalog, RID, PDC and Infrastructure Master) will be replaced with a new server with same Operating System, I have to migrate DC, DHCP and DNS roles, and old server will be decommissioned. It is my first migration, so could you please suggest most adequate steps to do this?

    Thanks and regards

    Monday, March 05, 2012 3:28 PM

Answers

  • Hi all,

    I have an environment with two Windows Server 2003 Domain Controllers, the main DC (Global Catalog, RID, PDC and Infrastructure Master) will be replaced with a new server with same Operating System, I have to migrate DC, DHCP and DNS roles, and old server will be decommissioned. It is my first migration, so could you please suggest most adequate steps to do this?

    Thanks and regards

    I must agree with everyone, why bother using Windows 2003, and not move forward with the latest OS? Also, if this is new hardware, such as a new server, there may not be drivers for 2003 (check the vendor's website or support if this is the case).

    In addition to what's been already offered by everyone - and I must say it's lots of good info, by the way, here are a couple links, such as if you want to keep the same name of the old server on the new server, and remove the old server after you're done.

    Remove an Old DC and Introduce a New DC with the Same Name and IP Address
    http://msmvps.com/blogs/acefekay/archive/2010/10/09/remove-an-old-dc-and-introduce-a-new-dc-with-the-same-name-and-ip-address.aspx 

    Remove a Current Operational Domain Controller from Active Directory (Includes transferring FSMO roles, DNS settings, Time settings, WINS settings, etc)
    http://msmvps.com/blogs/acefekay/archive/2010/10/09/remove-a-current-operational-domain-controller-from-active-directory.aspx 

    Ace


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Monday, March 05, 2012 4:04 PM

All replies

  • Why the same OS? If you are going to configure a new DC, why not extend the current schema and use Windows 2008 R2 and install the DC role to utilize the enhancements and features in Windows 2008 R2?

    You can install the new server, run dcpromo on it and allow it to replicate to the new DC. If DNS is AD-integrated, you don't have to do anything; it will replicate automatically, you just need to install the DNS role on the new DC. For DHCP, you can import/export the database.

    Creating an additional domain controller

    http://technet.microsoft.com/en-us/library/cc738032%28v=ws.10%29.aspx

    FSMO role transfer

    http://www.petri.co.il/transferring_fsmo_roles.htm

    Windows Time Server Role in AD Forest/Domain

    http://awinish.wordpress.com/2011/10/07/time-server-role-in-forestdomain/

    For DHCP movement

    http://support.microsoft.com/kb/325473

    http://blogs.technet.com/b/networking/archive/2008/06/27/steps-to-move-a-dhcp-database-from-a-windows-server-2003-or-2008-to-another-windows-server-2008-machine.aspx

    After verifying everything, you can demote the DC, but not before you check applications where the old DC name is not hard coded. Make sure clients are updated with the new DNS server IP.


    Awinish Vishwakarma - MVP-DS

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Monday, March 05, 2012 3:47 PM
    Moderator
  • Best option is to add additional DC to your existing domain and transfer all roles. Review the following Wiki article:

    http://social.technet.microsoft.com/wiki/contents/articles/2903.aspx

    Since you are using the same OS, you don’t need to upgrade the schema.


    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/

    This posting is provided AS IS with no warranties,and confers no rights.

    Monday, March 05, 2012 3:52 PM
  • Hi,

    I would suggest to go for latest OS Windows 2008 R2 instead of 2003.

    Here is thread for 2008R2 migration:  http://social.technet.microsoft.com/Forums/en-US/winserverMigration/thread/a2dca83f-0a2e-49b1-87f9-3fbb6f493218
    Also, for the same OS (2003), first of all run the DCDIAG, NETDIAG and REPADMIN /REPLSUM commands on the existing DC to check for any errors.

    If everything is clean, proceed like this:

    • Install Windows 2003 on the new server and make it a member server.
    • Use dcpromo to promote the new 2003 box.
    • Make the new DC a global catalog, also make it a DNS server, and make sure you also configure forwarders and set up zones as needed.
    • After the reboot make sure replication is working.
    • Once you have made sure that AD/DNS replication is working (assuming you are using AD-integrated DNS), then check SYSVOL.
    • Transfer FSMO roles to the new DC.
    • Configure the new PDC role owner as an authoritative time server.
    • Make sure clients (static and DHCP) are now also pointing to the new DC for DNS.
    • Then when you are ready you can shut the old 2003 down (I always do that to make sure I didn't miss anything).  This can be done once you have new as well as other DCs up.
    • Once you are ok with the new & existing DC and that everything is working you can run dcpromo and demote the old 2003 DC.
    • I would personally leave the old 2003 DC as member servers and have DHCP run on them, but that can be moved over to the other server too.

    Refer below links:
    Installing a domain controller
    http://technet2.microsoft.com/WindowsServer/en/Library/8b6b5d4d-1fe5-47ae-8773-7d47b2c47ac11033.mspx

    How to view and transfer FSMO roles in Windows Server 2003
    http://support.microsoft.com/kb/324801

    Transfer Time server Role:
    http://abhijitw.wordpress.com/2011/10/08/time-server-configuration-to-sync-pdc-emulator-to-an-external-time-source/

    How to move a DHCP database from a computer that is running Windows NT Server 4.0, Windows 2000, or Windows Server 2003 to a computer that is running Windows Server 2003
    http://support.microsoft.com/kb/325473

    Demote a domain controller
    http://technet2.microsoft.com/WindowsServer/en/Library/f82e0fb0-552f-4b94-9ece-f550388976571033.mspx


    Best Regards,

    Abhijit Waikar.
    MCSA 2003 | MCSA:Messaging | MCTS | MCITP:Server Administrator | Microsoft Community Contributor | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.



    Monday, March 05, 2012 3:55 PM
  • 1. Install new additional domain controllers
    2. Transfer the FSMO roles to new DC - http://support.microsoft.com/kb/324801
    3. Take the DHCP configuration and DB backup using the command netsh dhcp server export C:\dhcp.txt all - http://support.microsoft.com/kb/325473
    4. Install the DHCP role in the new domain controller - http://support.microsoft.com/kb/325473
    5. Import the DB and configuration files to new DC using the command netsh dhcp server export C:\dhcp.txt all - http://support.microsoft.com/kb/325473
    6. Before you authorize the new DHCP stop the service from the old server.
    7. Once you tested all the functionality of new DC and DHCP server swap the IP if there is any dependency.
    8. Then go for decommissioning of old DC using the command DCPROMO
    9. And perform the metadata cleanup from the new DC to ensure all the entries been deleted from AD database. - http://support.microsoft.com/kb/216498


    Sajeed AM

    Monday, March 05, 2012 4:18 PM
  • Hi,

    How are things going? I just want to check if the information provided was helpful. If there is any update or concern, please feel free to let us know.


    Best Regards,
    Aiden

     


    Aiden Cao

    TechNet Community Support

    Tuesday, March 06, 2012 2:48 AM
    Moderator
  • Please check the health of your domain using the Dcdiag tool and use netdiag to test the network connectivity. Once all tests have passed, proceed with the migration.

    http://jaredheinrichs.com/how-to-replace-a-windows-server-2003-domain-controller.html

    You can start adding an additional domain controller by running dcpromo on it. Once it runs successfully, allow some time for replication.

    You can transfer the FSMO Roles to your new DC using ntdsutil command line.

    http://support.microsoft.com/kb/255504

    Configuring Time Source for forest.

    http://technet.microsoft.com/en-us/library/cc784800(v=ws.10).aspx

    If DNS is AD-integrated, then install the DNS service on your new DC and wait for the replication. (No need for manual movement.)

    You can refer below link to understand how manually DNS zones can be moved.

    http://portal.hostingcontroller.com/KB/a108/how-can-i-manually-move-dns-zone-files-from-one-server.aspx

    DHCP Migration.

    http://support.microsoft.com/kb/325473

    http://blogs.technet.com/b/teamdhcp/archive/2009/02/18/migration-of-dhcp-server-from-windows-server-2003-to-windows-server-2008.aspx

    Once the above is done, test DNS, DHCP and FSMO on your new DC.

    After this you can demote your old DC.

    (Note - If for some reason the old DC is not getting demoted using the dcpromo command line, then you need to forcefully demote the old DC using dcpromo /forceremoval and then clean up the old reference (metadata cleanup) of the DC using the ntdsutil command line.)

    http://support.microsoft.com/kb/216498

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Tuesday, March 06, 2012 7:17 AM

  • I must agree with everyone, why bother using Windows 2003, and not move forward with the latest OS? Also, if this is new hardware, such as a new server, there may not be drivers for 2003 (check the vendor's website or support if this is the case).

    In addition to what's been already offered by everyone - and I must say it's lots of good info, by the way, here are a couple links, such as if you want to keep the same name of the old server on the new server, and remove the old server after you're done.

    Remove an Old DC and Introduce a New DC with the Same Name and IP Address
    http://msmvps.com/blogs/acefekay/archive/2010/10/09/remove-an-old-dc-and-introduce-a-new-dc-with-the-same-name-and-ip-address.aspx 

    Remove a Current Operational Domain Controller from Active Directory (Includes transferring FSMO roles, DNS settings, Time settings, WINS settings, etc)
    http://msmvps.com/blogs/acefekay/archive/2010/10/09/remove-a-current-operational-domain-controller-from-active-directory.aspx 

    Ace


    Thanks to everyone for your fast answers. I followed Ace's procedure to Remove an Old DC and Introduce a New DC with the Same Name and IP Address in a test environment and it seems that it worked fine. Later this week I will follow the procedure in the customer environment.

    Thank you!!!!!!

    Tuesday, March 06, 2012 1:45 PM
  • I'm glad to hear you've found them helpful. :-)

    Cheers!

    Ace


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Thursday, March 08, 2012 1:38 AM
  • Hi, I have migrated from 2003 R2 Standard to 2008 R2. I created DC2 and created one user in DC2 and checked in DC1; it's working. I transferred the FSMO roles from DC1 through ntdsutil and the roles have transferred to DC2. My issue is that when I type repadmin /replsum it shows errors:

    source dsa         largest delta    fails/total    %%    error
    DC                 16M:56S          0/5            0
    DC1                11M:18S          0 /5           0

    destination DSA    largest delta    fails/total    %%    error
    DC                 11m:18s          0 /5           0
    DC1                16m:56s          0 /5           0

    Could you help me? Is this a replication problem? What should I do? Because when I removed the DC old server, there is an error in DNS on DC1 and I can't log in through remote. When I connect the old server, then I can connect remotely and it works. Can anyone help me?

    Friday, March 21, 2014 12:00 PM
  • Hi, I have migrated from 2003 R2 Standard to 2008 R2. I created DC2 and created one user in DC2 and checked in DC1; it's working. I transferred the FSMO roles from DC1 through ntdsutil and the roles have transferred to DC2. My issue is that when I type repadmin /replsum it shows errors:

    source dsa         largest delta    fails/total    %%    error
    DC                 16M:56S          0/5            0
    DC1                11M:18S          0 /5           0

    destination DSA    largest delta    fails/total    %%    error
    DC                 11m:18s          0 /5           0
    DC1                16m:56s          0 /5           0

    Could you help me? Is this a replication problem? What should I do? Because when I removed the DC old server, there is an error in DNS on DC1 and I can't log in through remote. When I connect the old server, then I can connect remotely and it works. Can anyone help me?

    This is an old thread. We usually suggest to create and post a new thread so you *own* the thread.

    However, just as an FYI, if you're juggling DCs around, there are many little things that must be taken into account. With just posting symptoms, and without knowing specific configuration information, it's difficult to ascertain or diagnose. It appears you may not have set the configs on the DCs correctly in preparation to remove an older one. See if these links help:

    How to replace single domain controller in domain with a single domain controller?
    http://support.microsoft.com/kb/555549

    Install a replica DC with DNS AD Integrated Zones
    http://blogs.msmvps.com/acefekay/2012/11/28/install-a-replica-dc-with-dns-ad-integrated-zones/

    AD Upgrade Checklist and Procedure
    http://blogs.msmvps.com/acefekay/2012/11/28/ad-upgrade-checklist-and-procedure/

    Remove an Old DC and Introduce a New DC with the Same Name and IP Address
    Published by Ace Fekay, MCT, MVP DS on Oct 9, 2010 at 1:18 PM
    http://msmvps.com/blogs/acefekay/archive/2010/10/09/remove-an-old-dc-and-introduce-a-new-dc-with-the-same-name-and-ip-address.aspx


    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Wednesday, April 02, 2014 11:40 PM
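
As an added example (not from any poster in this thread), a Python parser for `repadmin /replsum` output that implements the "is replication clean?" check recommended above before transferring FSMO roles or demoting the old DC, run against the values posted in the thread. The row layout is assumed from the posted output; the one-hour `max_delta_s` threshold and the failing `DC2` row are constructed for illustration.

```python
import re

# Data row: DSA name, largest delta, fails/total, percent, optional error text.
ROW = re.compile(r"^\s*(?P<dsa>\S+)\s+(?P<delta>.+?)\s+(?P<fails>\d+)\s*/\s*"
                 r"(?P<total>\d+)\s+(?P<pct>\d+)\s*(?P<error>.*)$")
UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def delta_seconds(text):
    """'16m:56s' -> 1016; '>60 days' -> 5184000; unparseable -> None."""
    parts = re.findall(r"(\d+)\s*([dhms])", text.lower())
    return sum(int(n) * UNIT_SECONDS[u] for n, u in parts) if parts else None

def parse_replsum(output):
    """Return one dict per DSA row, tagged with the table it came from."""
    rows, section = [], None
    for line in output.splitlines():
        head = " ".join(line.lower().split())
        if head.startswith(("source dsa", "destination dsa")):
            section = head.split()[0]
            continue
        m = ROW.match(line)
        if m and section:
            rows.append({"section": section, "dsa": m["dsa"],
                         "delta_s": delta_seconds(m["delta"]),
                         "fails": int(m["fails"]), "total": int(m["total"]),
                         "error": m["error"].strip()})
    return rows

def blockers(rows, max_delta_s=3600):
    """Reasons not to transfer roles or demote yet; an empty list means clean.
    max_delta_s is an assumed threshold; tune it to your replication schedule."""
    found = []
    for r in rows:
        where = f'{r["section"]} {r["dsa"]}'
        if r["fails"] or r["error"]:
            found.append(f'{where}: {r["fails"]}/{r["total"]} failed {r["error"]}'.strip())
        elif r["delta_s"] is None or r["delta_s"] > max_delta_s:
            found.append(f"{where}: last success too old or unknown")
    return found

# Values as posted in the thread above (whitespace normalized).
POSTED = """\
source dsa        largest delta   fails/total  %%  error
DC                16M:56S         0/5          0
DC1               11M:18S         0 /5         0
destination DSA   largest delta   fails/total  %%  error
DC                11m:18s         0 /5         0
DC1               16m:56s         0 /5         0
"""
# Constructed failing row, not from the thread, to show how a real failure is reported.
CONSTRUCTED_BAD = POSTED + "DC2   >60 days   5 / 5   100   (1722) The RPC server is unavailable.\n"

if __name__ == "__main__":
    for name, sample in (("posted", POSTED), ("constructed", CONSTRUCTED_BAD)):
        print(name, blockers(parse_replsum(sample)) or "clean")
```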